cybersecurity

Network Slicing unlocks powerful opportunities for Africa’s 5G future

Accelerating the deployment of standalone 5G networks is the most critical step for enabling network slicing in Africa. Standalone 5G uses cloud-native cores that allow operators to create and manage virtual network slices with guaranteed performance. Many African networks still rely on non-standalone architecture, which limits full slicing capabilities.

Releasing and harmonising mid-band spectrum is another key policy priority. Spectrum in the 3.5 GHz band is particularly important for delivering high throughput and low latency. Without timely spectrum allocation, operators may struggle to support advanced industrial and enterprise applications.

Clear enterprise service frameworks are also essential. Industries such as mining, logistics, and energy require reliable connectivity with strict service-level agreements. Regulators and operators must define transparent pricing models and performance guarantees to support enterprise adoption.

Investment in automation and technical skills will also play a central role. Network slicing relies on AI-driven orchestration, cloud infrastructure, and cybersecurity capabilities. Strengthening technical expertise will help operators manage complex network environments.

Once these policy foundations are in place, network slicing can unlock new business models for telecom providers. Operators can offer slice-as-a-service, allowing enterprises to subscribe to dedicated network segments tailored to specific operational needs.

African telecom companies are already exploring these opportunities. Operators such as MTN, Vodacom, Safaricom, and Telkom are developing enterprise connectivity solutions for sectors including mining, manufacturing, logistics, and energy.

Private 5G deployments in mining operations illustrate the potential value of these services. Dedicated networks support automation, real-time monitoring, and remote equipment management. These projects often involve multi-year contracts worth several million dollars.

Network slicing also enables telecom providers to move beyond traditional consumer data services. Instead of charging primarily for data volume, operators can generate revenue from long-term enterprise connectivity and managed digital services.

As 5G infrastructure expands across the continent, network slicing is expected to play an increasing role in enterprise connectivity. By aligning network performance with industry needs, it could become a key driver of digital transformation in Africa.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Hackers can use AI to de-anonymise social media accounts

AI technology behind platforms like ChatGPT is making it significantly easier for hackers to identify anonymous social media users, a new study warns. LLMs could match anonymised accounts to real identities by analysing users’ posts across platforms.

Researchers Simon Lermen and Daniel Paleka warned that AI enables cheap, highly personalised privacy attacks, urging a rethink of what counts as private online. The study highlighted risks from government surveillance to hackers exploiting public data for scams.

Experts caution that AI-driven de-anonymisation is not flawless. Errors in linking accounts could wrongly implicate individuals, while public datasets beyond social media- such as hospital or statistical records- may be exposed to unintended analysis.

Users are urged to reconsider what information they share, and platforms are encouraged to limit bulk data access and detect automated scraping.

The study underscores growing concerns about AI surveillance. While the technology cannot guarantee complete de-anonymisation, its rapid capabilities demand stronger safeguards to protect privacy online.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

EU Commission’s new guidance to push Cybersecurity Resilience Act

The EU Commission has opened a public consultation on draft guidance to help companies apply the EU’s Cyber Resilience Act (CRA), a regulation that sets baseline cybersecurity requirements for hardware and software ‘products with digital elements’ to reduce vulnerabilities and improve security throughout a product’s life cycle. The guidance is framed as practical help, especially for microenterprises and SMEs, and the consultation runs until 31 March 2026.

The CRA is designed to make ‘secure by design’ the default for connected products people use every day, from consumer devices to business software, while giving users clearer information about a product’s security properties. In timeline terms, the Act entered into force on 10 December 2024. The incident reporting duties start on 11 September 2026, and the main obligations apply from 11 December 2027, giving industry a runway but also a clear countdown.

What the Commission is trying to nail down now are the parts companies have found hardest to interpret: how the rules apply to remote data processing solutions (cloud-linked features), how they treat free and open-source software, what ‘support periods’ mean in practice (i.e. how long security upkeep is expected), and how the CRA fits alongside other EU laws. In other words, this is less about announcing new rules and more about reducing legal grey zones before enforcement ramps up.

The guidance push also lands amid a broader policy drive, as on 20 January 2026, the Commission proposed a new EU cybersecurity package, built around a revised Cybersecurity Act and targeted NIS2 amendments. The package aims to harden ICT supply chains, including a framework to jointly identify and mitigate risks across 18 critical sectors, and would enable mandatory ‘de-risking’ of EU mobile telecom networks away from high‑risk third‑country suppliers. It also proposes a revamped EU cybersecurity certification system with simpler procedures, giving a default 12‑month timeline to develop certification schemes, while cutting red tape for tens of thousands of firms and strengthening ENISA’s role, including early warnings, ransomware support, and a major budget boost.

Taken together, the EU is moving from strategy documents to operational details, product security on one side (CRA) and ecosystem-level resilience on the other (supply chains, certification, incident reporting and supervision). For companies, that can be both reassuring and demanding: clearer guidance should reduce uncertainty, but the compliance reality may still be layered, especially for businesses spanning devices, software, cloud features, and cross-border operations. The Commission’s stakeholder feedback window is essentially a test of whether these rules can be made workable without diluting their bite.

Why does it matter?

Beyond technical risk, this is increasingly about sovereignty: who sets the rules for digital products, who can be trusted in supply chains, and how much dependency is acceptable in critical infrastructure. Digital governance expert Jovan Kurbalija argues that full ‘stack’ digital sovereignty, that is to say control over infrastructure, services, data, and AI knowledge, is concentrated in very few states, while most countries must balance openness with autonomy. The EU’s current wave of cybersecurity governance fits that pattern: it’s an attempt to turn security standards, certification, and supply-chain choices into a practical form of strategic control, not just to prevent hacks, but to protect democratic institutions, economic competitiveness, and trust in the digital tools people rely on.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot 

Online privacy faces new pressures in the age of social media

Online privacy is eroding as digital services collect ever-growing personal data and surveillance becomes part of daily technology use. The debate has intensified as social media platforms, advertisers, and connected devices expand their ability to track behaviour, preferences, and habits.

Analysts say younger generations have adapted to this reality rather than resisting it. ‘In 2026, online privacy is a luxury, not a right,’ says Thomas Bunting, an analyst at the UK innovation think tank Nesta. He argues many people have grown up accepting data collection as a trade-off for access to online services, noting: ‘We’ve been taught how to deal with it.’

Advocates warn that the erosion of online privacy could have wider social consequences. Cybersecurity expert Prof Alan Woodward from the University of Surrey says the issue goes beyond personal privacy. ‘People should care about online privacy because it shapes who has power over their lives,’ he says, arguing that privacy is ‘about having something to protect: freedom of thought, experimentation, dissent and personal development without permanent surveillance.’

Despite a growing number of privacy tools and regulations, data exposure remains widespread. According to Statista, more than 1.35 billion people were affected by data breaches, hacks, or exposure in 2024 alone. At the same time, more than 160 countries now have privacy legislation, while users regularly encounter cookie consent prompts that govern how their data is collected online.

Experts say frustration with privacy controls reflects a broader ‘privacy paradox’, in which people express concern about data protection but rarely change their behaviour. Cisco’s Consumer Privacy Survey found that while 89% of respondents said they care about privacy, only 38% actively take steps to protect their data.

As philosopher Carissa Véliz notes, the challenge is not simply awareness but a sense of agency: ‘Mostly, people don’t feel like they have control.’ She argues that protecting privacy requires stronger regulation, responsible technology design, and cultural change, adding: ‘It’s about having [access to] the right tech, but also using it.’

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Cybercriminals shift to stolen credentials and AI-enabled attacks

Ransomware attacks are increasingly relying on stolen passwords rather than traditional malware, according to Cloudflare’s latest annual threat report. Attackers now exploit legitimate account credentials to blend into regular traffic, making breaches harder to detect and contain.

Manufacturing and critical infrastructure organisations account for over half of targeted attacks, reflecting their high operational stakes.

Cloudflare highlighted that AI is enabling attackers to prioritise speed and scale over technical sophistication. Generative AI lets criminals automate fraud, hijacking email threads and targeting a ~$49,000 sweet spot to maximise profit while avoiding scrutiny.

Nation-state actors also leverage legitimate platforms for command-and-control operations, with Russia, China, Iran, and North Korea each following distinct cyber strategies.

Researchers warned that modern ransomware is less a malware crisis and more an identity and access challenge. Attackers using authorised credentials can bypass defences and execute high-impact extortion, marking a significant shift in global threat vectors.

The report urges businesses to strengthen identity security, monitor access, and defend against AI-driven attacks that exploit impersonation and automation at scale.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

AI Cybersecurity stability framework unlocks advanced Non Human Identity management

AI is increasingly positioned as a key driver of cybersecurity stability. By analysing large volumes of data and detecting anomalies in real time, AI helps organisations strengthen defence systems and respond faster to evolving digital threats.

Modern cybersecurity challenges are closely linked to the rise of Non-Human Identities (NHIs), including machine accounts, tokens, and automated credentials. These identities require continuous monitoring and secure lifecycle management to prevent unauthorised access and data breaches.

The integration of AI with NHI management enables a more proactive security approach. AI improves visibility into access permissions and system behaviour, helping organisations reduce risks and maintain stronger control over their digital environments.

Automation powered by AI enhances operational efficiency across cybersecurity processes. Tasks such as credential rotation, access monitoring, and policy enforcement can be automated, allowing security teams to prioritise strategic decision-making.

AI also strengthens threat intelligence capabilities by identifying patterns and predicting potential attacks before they occur. This predictive capacity helps close security gaps, particularly between development, operations, and security teams.

Across sectors such as finance, healthcare, and technology, AI-driven cybersecurity solutions support compliance and data protection requirements. These systems contribute to building resilient infrastructures capable of adapting to increasingly sophisticated cyber threats.

Finally, combining AI capabilities with structured identity management creates a foundation for long-term cybersecurity resilience. Organisations adopting this approach can improve incident response, enhance adaptability, and secure future digital operations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NVIDIA drives a new era of industrial AI cybersecurity

AI-driven defences are moving deeper into operational technology as NVIDIA leads a shift toward embedded cybersecurity across critical infrastructure.

The company is partnering with firms such as Akamai Technologies, Forescout, Palo Alto Networks, Siemens and Xage Security to protect energy, manufacturing and transport systems that increasingly operate through cloud-linked environments.

Modernisation has expanded capabilities across these sectors, yet it has widened the gap between evolving threats and ageing industrial defences.

Zero-trust adoption in operational environments is gaining momentum as Forescout and NVIDIA develop real-time verification models tailored to legacy devices and safety-critical processes.

Security workloads run on NVIDIA BlueField hardware to keep protection isolated from industrial systems and avoid any interference with essential operations. That approach enables more precise control over lateral movement across networks without disrupting performance.

Industrial automation is also adapting through Siemens and Palo Alto Networks, which are moving security enforcement closer to workloads at the edge. AI-enabled inspection via BlueField enhances visibility in highly time-sensitive environments, improving reliability and uptime.

Akamai and Xage are extending similar models to energy infrastructure and large-scale operational networks, embedding segmentation and identity-based controls where resilience is most critical.

A coordinated architecture is now emerging in which edge-generated operational data feeds central AI analysis, while enforcement remains local to maintain continuity.

The result is a security model designed to meet the pressures of cyber-physical systems, enabling operators to detect threats faster, reinforce operational stability and protect infrastructure that supports global AI expansion.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!  

Gabon imposes indefinite social media shutdown over national security concerns

Gabon’s media regulator, the High Authority for Communication (HAC), has announced a nationwide open-ended suspension of social media, citing online content that it says is fueling tensions and undermining social cohesion. In a statement, the HAC framed the move as a response to material it described as defamatory or hateful and, in some cases, a threat to national security, telling telecom operators and internet service providers to block access to major platforms.

The regulator pointed to what it called a rise in coordinated cyberbullying and the unauthorised sharing of personal data, saying existing moderation measures were not working and that the shutdown was necessary to stop violations of Gabon’s 2016 Communications Code.

The announcement arrives amid mounting labour pressure. Teachers began a high-profile strike in December 2025 over pay, status and working conditions, and the dispute has become one of the most visible signs of broader public-sector discontent. At the same time, the economic stakes are significant: Gabon had an estimated 850,000 active social media users in late 2025 (around a third of the population), and platforms are widely used for marketing and small-business sales.

Why does it matter?

Governments increasingly treat social media suspensions as a rapid-response tool for ‘public order’, but they also reshape information access, civic debate and commerce, especially in countries where mobile apps are a primary channel for news and income. The current announcement comes at a politically sensitive moment, since Gabon has a precedent here: during the 2023 election period, authorities shut down internet access, citing the need to counter calls for violence and misinformation. Gabon is still in transition after the August 2023 coup, and President Brice Oligui Nguema, who led the takeover, won the subsequent presidential election by a landslide in 2025, consolidating power while facing rising expectations for reform and stability.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Germany drafts reforms expanding offensive cyber powers

Politico reports that Germany is preparing legislative reforms that would expand the legal framework for conducting offensive cyber operations abroad and strengthen authorities to counter hybrid threats.

According to the Interior Ministry, two draft laws are under preparation:

  • One would revise the mandate of Germany’s foreign intelligence service to allow cyber operations outside national territory.
  • A second would grant security services expanded powers to fight back against hybrid threats and what the government describes as active cyber defense.

The discussion in Germany coincides with broader European debates on offensive cyber capabilities. In particular, the Netherlands have incorporated offensive cyber elements into national strategies.

The reforms in Germany remain in draft form and may face procedural and constitutional scrutiny. Adjustments to intelligence mandates could require amendments supported by a two-thirds majority in both the Bundestag and Bundesrat.

The proposed framework for ‘active cyber defense’ would focus on preventing or mitigating serious threats. Reporting by Tagesschau ndicates that draft provisions may allow operational follow-up measures in ‘special national situations,’ particularly where timely police or military assistance is not feasible.

Opposition lawmakers have raised questions regarding legal clarity, implementation mechanisms, and safeguards. Expanding offensive cyber authorities raises longstanding policy questions, including challenges of attribution to identify responsible actors; risks of escalation or diplomatic repercussions; oversight and accountability mechanisms; and compatibility with international law and norms of responsible state behaviour.

The legislative process is expected to continue through the year, with further debate anticipated in parliament.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Shadow AI becomes a new governance challenge for European organisations

Employees are adopting generative tools at work faster than organisations can approve or secure them, giving rise to what is increasingly described as ‘shadow AI‘. Unlike earlier forms of shadow IT, these tools can transform data, infer sensitive insights, and trigger automated actions beyond established controls.

For European organisations, the issue is no longer whether AI should be used, but how to regain visibility and control without undermining productivity, as shadow AI increasingly appears inside approved platforms, browser extensions, and developer tools, expanding risks beyond data leakage.

Security experts warn that blanket bans often push AI use further underground, reducing transparency and trust. Instead, guidance from EU cybersecurity bodies increasingly promotes responsible enablement through clear policies, staff awareness, and targeted technical controls.

Key mitigation measures include mapping AI use across approved and informal tools, defining safe prompt data, and offering sanctioned alternatives, with logging, least-privilege access, and approval steps becoming essential as AI acts across workflows.

With the EU AI Act introducing clearer accountability across the AI value chain, unmanaged shadow AI is also emerging as a compliance risk. As AI becomes embedded across enterprise software, organisations face growing pressure to make safe use the default rather than the exception.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.